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DETAILED ACTION 

1 . This action is responsive to communications: Amendment, filed 05/1 8/2007; 
Request for Continued Examination, filed 05/18/2007. 

2. Claims 1-3, 5, 6, 9-11, 13-16, 20, 21, 23-26, 30, 31, 33-36, and 39-46 are 
pending in the case. Claims 1 , 14, 24 and 39 are independent claims. 

Continued Examination Under 37 CFR 1. 1 14 

3. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
05/18/2007 has been entered. 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1 -3, 5,6,9-11,1 3-1 6, 20, 21 , 23-26, 30, 31 , 33-36, and 39-46 are 
rejected under 35 U.S.C. 103(a) as being unpatentable over Du et al. (hereinafter 
"Du"), U.S. Patent No. 6,041,306, issued March 2000, in view of SiteMinder Policy 
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Server Operations Guide, Version 4.0 (hereinafter "SiteMinder"), Netegrity Inc., 
published 1997 and submitted with Applicant's Information Disclosure Statement 
filed March 15,2004. 

Independent claim 1 cites: A computer-implemented method for using 
workflows, comprising the steps of: associating workflows with one or more groups in an 
identity system, each group including one or more users of the identity system; 

receiving a request to perform a task that pertains to at least one identity profile 
of an entity in said identity system; and performing a first workflow for said task f said 
first workflow is associated with a first group that includes a target identity profile; 

Du teaches a method for performing flexible workflow process execution in a 
distributed workflow management system (Abstract), and encapsulating legacy systems 
using business objects as a representation of something active in the business domain, 
to map between the business model and the operational procedures of the workflow 
process system (Col. 8, 1. 36-44; L 52-64). Du teaches launching workflow process 
instances in response to user requests (Col. 7, 1. 45-46). Du teaches that a policy is a 
set of rules that determines how resources, i.e., users, are related to tasks (Col. 8 f I. 52- 
63). Although Du teaches applying policies to users, Du does not explicitly teach 
associating workflows with groups in an identity system. However, SiteMinder teaches 
a policy server, i.e., identity system, for associating workflows, i.e., rules for user 
interaction with system resources, with policy domains (p. 235-237) by using SiteMinder 
responses and response groups (Chapter 11, p. 302-304) and creating policies, i.e., 
workflows, to specify actions that should take place when users access specific 
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resources, which are tasks and/or software within a domain (Chapter 12, Policies, p. 
325-328), compare to associating workflows with one or more groups in an identity 
system, each group including one or more users of the identity system. Specifically, 
SiteMinder teaches that a policy domain is a logical grouping of resources associated 
with one or more user directories, i.e., one or more users of the system (p. 235, par. 1; 
p. 235). 

Claim 1 also cites: said request includes an identification of said target identity 
profile; said step of performing includes the steps of identifying a plurality of workflows 
that perform said task and are associated with groups that include said target identity 
profile, said set plurality workflows includes said first workflow, reporting said set 
plurality workflows to a user, receiving from the user a selection of said first workflow 
from the plurality of workflows, and performing one or more steps of said first workflow] 
Du teaches the steps of identifying a plurality of workflows that perform a task and are 
associated with domains that include the target, and reporting one more workflow, and 
receiving from a user a selection of the first workflow, and performing one or more steps 
of said first workflow, in the prototype of automatically configuring a data path with a 
flexible workflow (Fig. 6, Col. 1, 1. 20-Col. 2, 1. 56; Col. 10, I. 5-Col. 11,1. 25). SiteMinder 
teaches a policy server, i.e., identity system, for associating workflows, i.e., rules for 
user interaction with system resources, with policy domains (p. 235-237) by using 
SiteMinder responses and response groups (Chapter 11, p. 302-304) and creating 
policies to specify actions that should take place when users access specific resources, 
which are tasks and/or software within a domain (Chapter 12, Policies, p. 325-328). 
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Both Du and SiteMinder are analogous art, since both are directed toward policy and 
identity management. It would have been obvious to one of ordinary skill in the art at 
the time of the invention to apply SiteMinder to Du, so that Du would have the benefit of 
a policy server which would integrate applications and improve workflow by integrating 
directories and external databases in its policies so that legacy applications and 
systems could still be used (SiteMinder, p. 22-23, last paragraph). 

Claim 1 also cites: wherein; said first workflow comprises a predefined set of 
steps that perform said tasks to affect the target identity profile, said predefined set of 
steps comprising a first step and a second step; 

said first step is performed by a first program; 

said second step is performed by a second program; 

information is passed between said first program and said second program 
according to a defined set of rules: and 

at least one of the first program and the second program is external to the 
workflow. 

Du teaches creating workflow processes by assembling business objects in 
sequence, i.e., comprises a predefined set of steps that perform said tasks, and 
applying a set of rules for passing information between programs, and executing the 
flexible workflow processes as specified by a directed graph comprising a set of nodes 
connected by arcs (Col. 8, I. 45-63; Col. 11,1. 26-Col. 12, 1. 29). Du teaches resource 
mapping in flexible workflow paths that also support redirect resource mapping, which 
allows a business object to recommend another business object for a task (Col. 17, 1. 
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25-40), compare to information is passed between said first program and said second 
program according to a defined set of rules: and at least one of the first program and the 
second program is external to the workflow. The flexible workflow execution allows 
freedom of task assignment and external activities to be performed (Col. 12, 1. 41-43; 
Col. 6, 1. 39-49). 

Both Du and SiteMinder are analogous art, since both are directed toward policy 
and identity management. It would have been obvious to one of ordinary skill in the art 
at the time of the invention to apply SiteMinder to Du, so that Du would have the benefit 
of a policy server which would integrate applications and improve workflow by 
integrating directories and external databases in its policies so that legacy applications 
and systems could still be used (SiteMinder, p. 22-23, last paragraph). 

Regarding dependent claim 2, while Du does not explicitly teach associating a 
workflow with a hierarchical data structure, SiteMinder teaches creating a policy domain 
which contains zero or more realms (p. 241, "Creating a Realm"). SiteMinder teaches 
that realms represent groups of resources and realms can be nested within other 
realms to represent the grouping of network resources (p. 247-249, "Understanding 
Nested Realms"). Both Du and SiteMinder are analogous art, since both are directed 
toward policy management. It would have been obvious to one of ordinary skill in the 
art at the time of the invention to apply SiteMinder to Du, so that Du would have the 
benefit of a policy server which would integrate applications and improve workflow by 
integrating directories and external databases in its policies so that legacy applications 
and systems could still be used (SiteMinder, p. 22-23, last paragraph). 
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Regarding dependent claim 3, Du teaches identifying one or more workflows 
associated with a target identity profile (Col. 5, 1. 59-Col. 6, 1. 10). SiteMinder teaches 
associating resources with a policy domain (p. 235-236). Both Du and SiteMinder are 
analogous art, since both are directed toward policy management. It would have been 
obvious to one of ordinary skill in the art at the time of the invention to apply SiteMinder 
to Du, so that Du would have the benefit of a policy server which would integrate 
applications and improve workflow by integrating directories and external databases in 
its policies so that legacy applications and systems could still be used (SiteMinder, p. 
22-23, last paragraph). 

Regarding dependent claims 5 and 6, Du teaches that the user can request to 
delete or modify a target identity profile, for example the role specification and activity to 
a business object (Col. 19, 1. 54-67). In another example, the user can request to add 
or drop communication paths between certain endpoints in a private virtual network 
(Col. 10, 1. 40-45). 

Regarding dependent claims 9 and 10, Du teaches the use of policies to 
ensure proper authorization and authentication (Col. 8, 1. 57-63), but Du does not 
explicitly teach an integrated identity and access system. However, SiteMinder 
comprises an integrated identity and access system (p. 20-24, "Overview") with user 
self-registration (p. 395, par. 2). Both Du and SiteMinder are analogous art, since both 
are directed toward policy management. It would have been obvious to one of ordinary 
skill in the art at the time of the invention to apply SiteMinder to Du, so that Du would 
have the benefit of a policy server which would integrate applications and improve 
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workflow by integrating directories and external databases in its policies so that legacy 
applications and systems could still be used (SiteMinder, p. 22-23, last paragraph). 

Regarding dependent claim 1 1 , Du teaches that workflows can delegate work 
to other workflow processes or resources (Col. 20, 1. 50-Col. 21, 1. 15). 

Regarding dependent claim 13, while Du does not explicitly teach associating a 
workflow with a hierarchical data structure, SiteMinder teaches creating a policy domain 
which contains zero or more realms (p. 241 , "Creating a Realm"). SiteMinder teaches 
that realms represent groups of resources and realms can be nested within other 
realms to represent the grouping of network resources (p. 247-249, "Understanding 
Nested Realms"). SiteMinder teaches that the hierarchical data structure of policy 
domains and realms includes an LDAP directory (p. 352). Both Du and SiteMinder are 
analogous art, since both are directed toward policy management. It would have been 
obvious to one of ordinary skill in the art at the time of the invention to apply SiteMinder 
to Du, so that Du would have the benefit of a policy server which would integrate 
applications and improve workflow by integrating directories and external databases in 
its policies so that legacy applications and systems could still be used (SiteMinder, p. 
22-23, last paragraph). 

In regard to independent claim 14, claim 14 reflects the processor readable 
storage device(s) having processor readable code used to perform the method as 
claimed in claim 1 , and is rejected along the same rationale. 

In regard to dependent claims 15-21 and 23, claims 15-21 and 23 reflect the 
processor readable storage device(s) having processor readable code used to perform 
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the method as claimed in claims 2, 3, 4, 7-9, 1 1 , and 1 3, and are rejected along the 
same rationale. 

In regard to independent claim 24, claim 24 reflects the apparatus used to 
perform the method as claimed in claim 1 , and is rejected along the same rationale. 

In regard to dependent claims 25-33, claims 25-31 and 33 reflect the 
apparatus used to perform the method as claimed in claims 2, 3, 4, 7-9, 11, and 13, and 
are rejected along the same rationale. 

Regarding dependent claims 34 and 35, while Du teaches a flexible workflow 
process execution system, Du does not explicitly teach managing a target identity 
profile. However, SiteMinder teaches automatically managing target user identity 
profiles using workflows, i.e., specifying templates and sequences for registration (p. 
398-399; p. 398-401). SiteMinder teaches applying domain policies to users (p. 141- 
416), i.e., changing a user attribute. Both Du and SiteMinder are analogous art, since 
both are directed toward policy management. It would have been obvious to one of 
ordinary skill in the art at the time of the invention to apply SiteMinder to Du, so that Du 
would have the benefit of a policy server which would integrate applications and 
improve workflow by integrating directories and external databases in its policies so that 
legacy applications and systems could still be used (SiteMinder, p. 22-23, last 
paragraph). 

Regarding dependent claim 36, while Du does not explicitly teach managing 
certificates, SiteMinder teaches managing certificates associated with identity profiles 
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(p. 533-536) via the user's browser. Both Du and SiteMinder are analogous art, since 
both are directed toward policy management. It would have been obvious to one of 
ordinary skill in the art at the time of the invention to apply SiteMinder to Du, so that Du 
would have the benefit of a policy server which would integrate applications and 
improve workflow by integrating directories and external databases in its policies so that 
legacy applications and systems could still be used (SiteMinder, p. 22-23, last 
paragraph). 

Regarding independent claim 39, Du teaches a method for performing flexible 
workflow process execution in a distributed workflow management system (Abstract), 
and encapsulating legacy systems using business objects as a representation of 
something active in the business domain, to map between the business model and the 
operational procedures of the workflow process system (Col. 8, 1. 36-44; I. 52-64). Du 
teaches launching workflow process instances in response to user requests (Col. 7, 1. 
45-46). Du teaches that a policy is a set of rules that determines how resources, i.e., 
users, are related to tasks (Col. 8, 1. 52-63). Du teaches identifying a plurality of 
workflows that perform a task and are associated with groups that include the target, 
and reporting one more workflow, and receiving from a user a selection of the first 
workflow, and performing steps of the workflow, automatically configuring a data path 
with a flexible workflow (Fig. 6, Col. 1, 1. 20-Col. 2, 1. 56; Col. 10, 1. 5-Col. 11,1. 25). 

Although Du teaches applying policies to users, Du does not explicitly teach 
associating workflows with groups in an identity system. SiteMinder teaches a policy 
server, i.e., identity system, for associating workflows, i.e., rules for user interaction with 



Application/Control Number: 09/998,895 Page 1 1 

Art Unit: 2176 

system resources, with policy domains (p. 235-237) by using SiteMinder responses and 
response groups (Chapter 11, p. 302-304) and creating policies, i.e., workflows, to 
specify actions that should take place when users access specific resources, which are 
tasks and/or software within a domain (Chapter 12, Policies, p. 325-328). Specifically, 
SiteMinder teaches that a policy domain is a logical grouping of resources associated 
with one or more user directories, i.e., one or more users of the system (p. 235, par. 1 ; 
p. 235). SiteMinder teaches that each user of the system has an associated identity 
profile (p. 396-403, especially p. 396-397; p. 419-424; p. 431-435), compare to 
associating workflows with one or more groups in an identity system, each group 
including one or more users of the identity system and each user of the identity system 
having an associated identity profile. SiteMinder teaches receiving a request to 
perform a task that pertains to a target identity profile in the identity system, wherein the 
request includes an identification of the target identity profile; identifying a plurality of 
workflows that perform the task and are associated with groups that include the user 
associated with the target identity profile; and reporting the plurality of workflows; since 
SiteMinder teaches that policies, or workflows, contain rules, specified users or groups 
of users, responses, i.e., the action that is triggered in the workflow, and which have 
bindings to link a user with a policy (p. 326-328, also see Ch. 12, Policies). SiteMinder 
teaches receiving a user selection of a first workflow from the set of one or more 
workflows; and performing one or more steps of said first workflow to affect the target 
identity profile, because SiteMinder teaches that each user of the system has an 
associated identity profile, and that the system may be configured with a policy for user 
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self-registration, i.e., a workflow, which contains steps for users to modify their own 
profiles (p. 398; p. 419-435), including deleting and modifying their own profiles. 

Claim 39 further cites: performing a first step of said first workflow with a first 
program to affect the target identity profile, wherein the first program comprises one of a 
user manager, a group manager, and an organization manager; and performing a 
second step of said first workflow with a second program, wherein the second program 
comprises one of the user manager, the group manager, and the organization manager 
and wherein the second program is different from the first program 
Du teaches the use of workflow management subsystems, or resource managers, 
which assign resources to workflow activities when needed (col. 8, 1. 53-col. 9, 1. 5; col. 
20, 1. 50-col. 21, 1. 15), and Du teaches a process model of nodes and a directed graph, 
containing work nodes which represent workflow processes, i.e., steps of workflows 
(col. 6, 1. 12-col. 7, 1. 35). Therefore Du teaches that the different workflow management 
subsystems and interface perform the steps of the workflow (col. 5, 1. 59-col. 6, 1. 10), 
and separate managers, such as group manager (col. 7, 1. 64-col. 8, 1. 2) and role 
manager (col. 19, 1. 46-67). SiteMinder teaches that policies, or workflows, contain 
rules, specified users or groups of users, responses, i.e., the action that is triggered in 
the workflow, and which have bindings to link a user with a policy (p. 326-328, also see 
Ch. 12, Policies). 

Both Du and SiteMinder are analogous art, since both are directed toward policy 
and identity management. It would have been obvious to one of ordinary skill in the art 
at the time of the invention to apply SiteMinder to Du, so that Du would have the benefit 
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of a policy server which would integrate applications and improve workflow by 
integrating directories and external databases in its policies so that legacy applications 
and systems could still be used (SiteMinder, p. 22-23, last paragraph). 

Regarding dependent claims 40-43, SiteMinder teaches that each user of the 
system has an associated identity profile, and that the system may be configured with a 
policy for user self-registration, i.e., a workflow, which contains steps for users to modify 
their own profiles (p. 398; p. 419-435), including deleting and modifying their own 
profiles. Both Du and SiteMinder are analogous art, since both are directed toward 
policy and identity management. It would have been obvious to one of ordinary skill in 
the art at the time of the invention to apply SiteMinder to Du, so that Du would have the 
benefit of a policy server which would integrate applications and improve workflow by 
integrating directories and external databases in its policies so that legacy applications 
and systems could still be used (SiteMinder, p. 22-23, last paragraph). 

Regarding dependent claim 44, Du teaches that said second program performs 
a second workflow to affect the target identity profile. Du teaches identifying a plurality 
of workflows that perform a task and are associated with groups that include the target, 
and reporting one more workflow, and receiving from a user a selection of the first 
workflow, and performing steps of the workflow, automatically configuring a data path 
with a flexible workflow (Fig. 6, Col. 1, 1. 20-Col. 2, 1. 56; Col. 10, 1. 5-Col. 11,1. 25). 

Regarding dependent claim 45, Du teaches that the second program is 
identified in an event catalog of the first workflow, since Du teaches logging each node 
transition and event in the OpenPM Engine (col. 7, 1. 35-col. 8, 1. 10). 
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Regarding dependent claim 46, Du teaches that the event catalog further 
identifies one or more parameters for passing information between the first program and 
the second program, because Du further teaches that the OpenPM Engine contains an 
abstraction called a business object to encapsulate whatever piece of work each 
process activity, i.e., program, has to accomplish and provides a mapping between the 
business model and the operational procedures of the workflow process system (col. 8, 
I. 12-52). 

Response to Arguments 

Applicant's arguments filed 05/18/2007 in regard to the 35 U.S.C. 103 rejections, 
Du in view of SiteMinder (Remarks, p. 11-15), have been fully considered but they are 
not persuasive. Applicant argues that the Du and SiteMinder references do not teach 
the newly claimed limitations of amended claims 1, 14, and 24, said request includes an 
identification of said target identity profile; said step of performing includes the steps of 
identifying a plurality of workflows that perform said task and are associated with groups 
that include said target identity profile, said set plurality workflows includes said first 
workflow, reporting said set plurality workflows to a user, receiving from the user a 
selection of said first workflow from the plurality of workflows, and performing one or 
more steps of said first workflow] (Claim 1). 

However, the combination of Du and SiteMinder does teach the above 
limitations. Du teaches the steps of identifying a plurality of workflows that perform a 
task and are associated with domains that include the target, and reporting one more 
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workflow, and receiving from a user a selection of the first workflow, and performing one 
or more steps of said first workflow, in the prototype of automatically configuring a data 
path with a flexible workflow (Fig. 6, Col. 10, 1. 5-Col. 11,1. 25). SiteMinder teaches a 
policy server, i.e., identity system, for associating workflows, i.e., rules for user 
interaction with system resources, with policy domains (p. 235-237) by using SiteMinder 
responses and response groups (Chapter 1 1 , p. 302-304) and creating policies to 
specify actions that should take place when users access specific resources, which are 
tasks and/or software within a domain (Chapter 12, Policies, p. 325-328). Both Du and 
SiteMinder are analogous art, since both are directed toward policy and identity 
management. It would have been obvious to one of ordinary skill in the art at the time 
of the invention to apply SiteMinder to Du, so that Du would have the benefit of a policy 
server which would integrate applications and improve workflow by integrating 
directories and external databases in its policies so that legacy applications and 
systems could still be used (SiteMinder, p. 22-23, last paragraph). 

Applicant's arguments with respect to claims 39-43 have been considered but are 
moot in view of the new ground(s) of rejection. The new grounds of rejection includes 
the Du patent, which is being relied upon to teach the newly claimed limitations, 

. . . performing a first step of said first workflow with a first program to affect the 
target identity profile, wherein the first program comprises one of a user manager, a 
group manager, and an organization manager; and performing a second step of said 
first workflow with a second program, wherein the second program comprises one of the 
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user manager, the group manager, and the organization manager and wherein the 
second program is different from the first program (Claim 39). 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Amelia Rutledge whose telephone number is 571-272- 
7508. The examiner can normally be reached on Monday - Friday 9:30 - 6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Doug Hutton can be reached on 571-272-4137. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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